Sergey Chubarov
Security Expert
Paço de Arcos, Portugal
Sergey Chubarov is a Security and Cloud Expert and Instructor with 15+ years' experience with Microsoft technologies.
His day-to-day job is to help companies securely embrace cloud technologies.
He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.
He is a frequent speaker at local and international conferences such as Global Azure, DEF CON, Black Hat Europe, Wild West Hackin' Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, Hack in Paris, etc.
He prefers live demos and cyberattack simulations.
AMSI & CLM: acronyms that stop PowerShell attacks
PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit "unauthorized administration", Microsoft introduced a number of security features such as Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM).
The session will lift the veil on those technologies, as well as demonstrate methods that can be used to bypass the protection. The session contains:
- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods
- Understanding CLM
- Dive into PowerShell runspaces
- CLM bypass methods
Behind the curtain of PowerShell cmdlets
PowerShell is widely used, but few think about how cmdlets work behind the scenes.
This knowledge allows IT administrators to find hidden capabilities even in built-in cmdlets, developers to create their own, and security engineers to better understand PowerShell-based attacks.
The session sheds light on well-known cmdlets and how to overcome some built-in limitations.
Demo-based session contains:
- Win32 API intro
- Monitoring Built-in Cmdlets API Calls
- Analyzing API Calls in source code
- Abstract Win32 API functions with PSReflect
- Customize Built-in Cmdlets
Managed Identity for Hackers and Developers
There are so many managed cloud services today, it can be hard to follow what each is used for. This makes access management a critical area on which cloud security professionals should focus.
Managed identities provide an identity for applications to use when connecting to resources that support Microsoft Entra ID authentication.
As with any identity, this must be configured correctly; otherwise the identity may be compromised and a malicious actor can gain privileged access.
Session contains:
- Dive into Managed Identity and JWT tokens
- Azure resources enumeration
- Getting access to blob storage using compromised identity
- Retrieving Azure Key Vault secrets
- Extract data from SQL Database
Microsoft Defender for Office 365 evasion. The story of confirmed vulnerability
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
Safe Links provides time-of-click verification of URLs.
It sounds cool and, in fact, is a black box that we should completely trust.
The session opens this black box, based on the speaker's own research and discovered vulnerabilities.
The vulnerability was reported and confirmed by Microsoft Security Research.
Live demos only.
Session contains:
- Testing malicious attachments. An example of attachments that are detected.
- Inside the sandbox. What is Safe Attachments from the inside and how does it work.
- Safe Attachments bypass. How the vulnerability was discovered.
- The fix. What Microsoft did to fix the vulnerability.
- Testing malicious links. An example of links that are blocked.
- Safe Links bypass. How attackers can bypass the link protection.
The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud.
Pentesting Azure Container Services
Containers are playing their role in the digital transformation by providing fast deployment of cloud-native applications. Containers are also often viewed as secure, which is true. But how well are they really configured?
A demo-based session.
The session includes:
- Containers 101
- Backdooring Docker containers images
- Poisoning images on Azure Container Registry
- Compromise containers on Azure Container Instance
- Compromise containers on Azure Kubernetes Services
- Vulnerability Assessment
Sneaky Defense Evasion. Windows 11 security bypassed
Today's cybercriminals have a hard time: antiviruses, whitelisting, intrusion detection systems, etc. are used by many companies around the world. However, the number of security incidents is on the rise. While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.
Get insights into Windows 11 security bypasses in an advanced scenario-based session.
Live demos only.
The session contains:
- Preparing the payload. Microsoft Defender AV Evasion
- Downloading the payload. Attack Surface Reduction bypass
- Executing the payload. Abusing AppLocker configurations
- Covering the tracks. Ransomware vs Controlled Folder Access
Hack the domain with your favourite management tool
It is difficult to imagine deployment and management without such tools as Group Policy, Config Manager, and Intune.
Since deployment and management tools have a high access level, they can become a double-edged sword.
The session covers how different service accounts can be compromised and used for malicious intent.
Recommendations on how to mitigate this will also be given.
The session contains:
- Warm-up: Getting Network Access Account credentials.
- Domain Join Account creds extraction.
- LAPS will improve your security. Maybe.
- The King of Them All: Compromising Client Push Account.
- Passwords in SQL database.
- Recommendations.
Navigating the Battlefield: Leveraging MITRE ATT&CK Tactics
The current threat landscape requires organizations to proactively detect and remediate vulnerabilities before attackers discover and exploit them. The MITRE ATT&CK framework acts as a repository of tactics, techniques, and procedures (TTPs) that security professionals use to understand the behavior of attackers. Using the MITRE ATT&CK knowledge base that maps external and internal TTPs, red teams can develop threat models and methodologies for more effective attacks. Researching TTPs through MITRE ATT&CK will enable analysts and defenders to better understand threats against their organizations or enterprises.
The session aims to better understand the importance of MITRE ATT&CK tactics in a live demo. The session will also demonstrate how Microsoft products use MITRE ATT&CK for SOC operations.
In the session:
- An introduction to MITRE ATT&CK tactics and techniques
- Designing a breach and attack simulation process with the help of MITRE ATT&CK
- How Microsoft 365 Defender and Microsoft Sentinel use MITRE ATT&CK
psconf.eu 2024 Sessionize Event Upcoming
Experts Live Netherlands 2024 Sessionize Event Upcoming
DevSum 2024 Sessionize Event Upcoming
Midwest Management Summit 2024 Upcoming
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2024 Sessionize Event Upcoming
EC-Council Cyber Talks Mar 24
EC-Council Cyber Talks Jan 24
European MCT Summit 2024 Sessionize Event
NDC Security 2024 Sessionize Event
ESPC23 - European SharePoint, Office 365 & Azure Conference Sessionize Event
Techorama Netherlands 2023 Sessionize Event
Workplace Ninja Summit 2023 Sessionize Event
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2023 Sessionize Event
Experts Live Netherlands 2023 Sessionize Event
Techorama 2023 Belgium Sessionize Event
.NET Conference Armenia
CloudBrew 2022 - A two-day Microsoft Azure event Sessionize Event
Experts Live Netherlands 2022 Sessionize Event
Cloud Identity Summit '22 Sessionize Event
WorkPlace Ninja Summit 2022 Sessionize Event
European MCT Summit 2022 Sessionize Event
psconf.eu 2022 Sessionize Event
Techorama 2022 BE Sessionize Event
Microsoft 365 Virtual Marathon 2022 Sessionize Event
Teams Nation 2022 Sessionize Event
Canadian Cloud Summit 2022 Sessionize Event
MCT West Africa Cloud Bootcamp 2021 Sessionize Event
Azure Community Bootcamp Sessionize Event
CollabDays New England - Microsoft 365 2021 Sessionize Event
Virtual Azure Community Day #4 Sessionize Event
Cloud Identity Summit '21 Sessionize Event
BSides København 2021 Sessionize Event
PowerShell, DevOps and Cloud Conference Sessionize Event
Azure Summit Sessionize Event
WorkPlace Ninja Virtual Edition 2021 Sessionize Event
India Cloud Security Summit, 2021 Sessionize Event
Cloud Native Days with Kubernetes Sessionize Event
Azure Day Rome 2021 Sessionize Event
BSides Athens 2021
Offensive Azure Security
Wild West Hackin' Fest
Offensive Azure Security
BSides Budapest 2021
Offensive Azure Security
Techorama 2021 Spring Edition Sessionize Event
M365 Philly Virtual 2021 Sessionize Event
Cloud Lunch and Learn Marathon 2021 Sessionize Event
Microsoft 365 Virtual Marathon Sessionize Event
Global Azure Virtual 2021, Greece Sessionize Event
Global Azure 2021-India Sessionize Event
Global Azure Austria 2021 Sessionize Event
Global Azure Virtual 2021 Sessionize Event
Global Azure 2021 - Spain Sessionize Event
MVPDays LIVE "Endpoint" Day Online 2021 Sessionize Event
Security BSides Dublin 2021 Sessionize Event
MCT Summit 2021 Sessionize Event
Virtual Scottish Summit 2021 Sessionize Event
Azure Saturday - Belgrade 2021 Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
Microsoft 365 Friday California 2021 Sessionize Event
Modern Workplace Conference Paris 2021 Sessionize Event
Constant Call for Speakers - MC2MC events
Offensive Azure Security
IT Pro|Dev Connections 2020 Sessionize Event
Collabdays Munich & Vienna - Winter across the Alps Sessionize Event
Virtual Azure Community Day Sessionize Event
aMS Germany - 1/12/2020 Sessionize Event
Trust in Tech Cologne
Hackers won't pass - Microsoft Threat Protection
CollabDays BeNeLux Online 2020 Sessionize Event
WorkPlace Ninja Virtual Edition 2020 Sessionize Event
Microsoft 365 Virtual Marathon Sessionize Event
MCT Global Summit 2019
The grey box. Office 365 ATP insides
A penny saved. Optimizing Azure costs
TechMentor Microsoft HQ 2019 Sessionize Event
TechMentor Microsoft HQ 2019
Hackers won’t pass. Microsoft 365 Identity & Threat Protection in action
MCT NA Summit 2019
Hackers won't pass
MCT Global Summit 2018
To hack and protect with Azure
Hackers won’t pass. Microsoft 365 Identity & Threat Protection in action
Azure Global Bootcamp 2018
Azure provided Security
Tips and tricks for Azure IaaS